Is there a Services.msc or ntsysv utility for OSX? I just want to harden my OSX by disabling any unwanted service and it's ports.
Add a comment |
2 Answers
The OS X equivalent of Windows services is Launchd. The OS X equivalent of services.msc on Windows is launchctl. The daemons managed by launchd can be on demand or can be triggered periodically (this is configurable in launchd.plist)
You can manage the daemons from the command line (from Terminal.app under /Applications/Utilities/) or by using a tool like Lingon.
From the command line:
List agents/jobs loaded using
launchctl listDisable and enable an agent using (persists between boots)
launchctl enable <name> or launchctl disable <name>Stop and start an agent immediately using
launchctl kickstart <name> or launchctl kill <name>
The next commands are deprecated commands, which you might see on the Internet:
Remove an agent/job using
launchctl remove <name>Disable an agent/job for the currently booted session alone using
launchctl unload <name>Load an agent/job manually using
launchctl load <name>
Additional references:
- Daemons and Services Programming Guide
man launchctlinTerminal.app(or the online manual for launchctl)man launchdinTerminal.app(or the online manual for launchd)man launchd.plistinTerminal.app(or the online manual for launchd.plist)- launchd on Wikipedia
- So effectively Launchd is the init.d equivalent and launchctl something like ntsysv?polyglot– polyglot2013-10-21 11:51:33 +00:00Commented Oct 21, 2013 at 11:51
- Yes, but launchctl is a command line tool (intended to be used from a terminal shell), unlike ntsysv that provides a graphical list.M K– M K2013-10-21 12:23:00 +00:00Commented Oct 21, 2013 at 12:23
- I am still finding it very hard to understand how Agents and Daemons work. I think that Daemons are more closer to Services. Are all Daemons work on Demand? meaning that they will only enable them selves when called by a program and then close, something like ssh. However, how can I figure out which Daemons/Agents are live and exposing their ports? Should I run Netstat and then disable those Daemons if not needed?polyglot– polyglot2013-10-22 08:04:17 +00:00Commented Oct 22, 2013 at 8:04
- 1An example would have been great. Actual example.mjs– mjs2020-01-23 20:47:52 +00:00Commented Jan 23, 2020 at 20:47
- 1Uhm, it's now 2021 and launchctl unload or remove are still listed in the manpage. I doubt they are deprecated.Toby– Toby2021-01-09 08:16:12 +00:00Commented Jan 9, 2021 at 8:16
note that for the MacOS 10.13, you need to use launchctl disable system/ this will stop the process, but would keep the definition in the system folder.
- Does that mean this has to be run again after a restart?mjs– mjs2020-01-23 20:50:47 +00:00Commented Jan 23, 2020 at 20:50